[Full-disclosure] [ MDVSA-2010:070-1 ] firefox




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:070-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : firefox
Date : April 20, 2010
Affected: 2009.0
_______________________________________________________________________

Problem Description:

Security issues were identified and fixed in firefox:

Security researcher regenrecht reported (via TippingPoint's Zero Day
Initiative) a potential reuse of a deleted image frame in Firefox 3.6's
handling of multipart/x-mixed-replace images. Although no exploit was
shown, re-use of freed memory has led to exploitable vulnerabilities
in the past (CVE-2010-0164).

Mozilla developers identified and fixed several stability bugs in the
browser engine used in Firefox and other Mozilla-based products. Some
of these crashes showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some
of these could be exploited to run arbitrary code (CVE-2010-0165,
CVE-2010-0167).

Mozilla developer Josh Soref of Nokia reported that documents
failed to call certain security checks when attempting to preload
images. Although the image content is not available to the page, it
is possible to specify protocols that are normally not allowed in a
web page such as file:. This includes internal schemes implemented
by add-ons that might perform privileged actions resulting in
something like a Cross-Site Request Forgery (CSRF) attack against
the add-on. Potential severity would depend on the add-ons installed
(CVE-2010-0168).

Mozilla developer Blake Kaplan reported that the window.location object
was made a normal overridable JavaScript object in the Firefox 3.6
browser engine (Gecko 1.9.2) because new mechanisms were developed
to enforce the same-origin policy between windows and frames. This
object is unfortunately also used by some plugins to determine the page
origin used for access restrictions. A malicious page could override
this object to fool a plugin into granting access to data on another
site or the local file system. The behavior of older Firefox versions
has been restored (CVE-2010-0170).

Mozilla developer Justin Dolske reported that the new asynchronous
Authorization Prompt (HTTP username and password) was not always
attached to the correct window. Although we have not demonstrated
this, it may be possible for a malicious page to convince a user
to open a new tab or popup to a trusted service and then have the
HTTP authorization prompt from the malicious page appear to be the
login prompt for the trusted page. This potential attack is greatly
mitigated by the fact that very few web sites use HTTP authorization,
preferring instead to use web forms and cookies (CVE-2010-0172).

Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows
remote attackers to cause a denial of service (memory corruption and
application crash) and possibly have unknown other impact via vectors
that might involve compressed data, a different vulnerability than
CVE-2010-1028 (CVE-2010-1122).

Mozilla developers identified and fixed several stability bugs in the
browser engine used in Firefox and other Mozilla-based products. Some
of these crashes showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some
of these could be exploited to run arbitrary code (CVE-2010-0173,
CVE-2010-0174)

Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that a select event handler for XUL tree items could be
called after the tree item was deleted. This results in the execution
of previously freed memory which an attacker could use to crash a
victim's browser and run arbitrary code on the victim's computer
(CVE-2010-0175).

Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative an error in the way <option> elements are inserted into
a XUL tree <optgroup>. In certain cases, the number of references
to an <option> element is under-counted so that when the element is
deleted, a live pointer to its old location is kept around and may
later be used. An attacker could potentially use these conditions to
run arbitrary code on a victim's computer (CVE-2010-0176).

Security researcher regenrecht reported via TippingPoint's
Zero Day Initiative an error in the implementation of the
window.navigator.plugins object. When a page reloads, the plugins array
would reallocate all of its members without checking for existing
references to each member. This could result in the deletion of
objects for which valid pointers still exist. An attacker could use
this vulnerability to crash a victim's browser and run arbitrary code
on the victim's machine (CVE-2010-0177).

Security researcher Paul Stone reported that a browser applet could
be used to turn a simple mouse click into a drag-and-drop action,
potentially resulting in the unintended loading of resources in a
user's browser. This behavior could be used twice in succession to
first load a privileged chrome: URL in a victim's browser, then load
a malicious javascript: URL on top of the same document resulting in
arbitrary script execution with chrome privileges (CVE-2010-0178).

Mozilla security researcher moz_bug_r_a4 reported that the
XMLHttpRequestSpy module in the Firebug add-on was exposing
an underlying chrome privilege escalation vulnerability. When
the XMLHttpRequestSpy object was created, it would attach various
properties of itself to objects defined in web content, which were not
being properly wrapped to prevent their exposure to chrome privileged
objects. This could result in an attacker running arbitrary JavaScript
on a victim's machine, though it required the victim to have Firebug
installed, so the overall severity of the issue was determined to be
High (CVE-2010-0179).

phpBB developer Henry Sudhof reported that when an image tag points to
a resource that redirects to a mailto: URL, the external mail handler
application is launched. This issue poses no security threat to users
but could create an annoyance when browsing a site that allows users
to post arbitrary images (CVE-2010-0181).

Mozilla community member Wladimir Palant reported that XML documents
were failing to call certain security checks when loading new
content. This could result in certain resources being loaded that
would otherwise violate security policies set by the browser or
installed add-ons (CVE-2010-0182).

Note that to benefit from the fix for CVE-2009-3555 added
in nss-3.12.6, Firefox 3.6 users will need to set their
security.ssl.require_safe_negotiation preference to true. In Mandriva
the default setting is false due to problems with some common sites.

Since firefox-3.0.19 is the last 3.0.x release Mandriva
opted to provide the latest 3.6.3 version for Mandriva Linux
2008.0/2009.0/2009.1/MES5/2010.0.

Packages for 2008.0 and 2009.0 are provided due to the Extended
Maintenance Program for those products.

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

Update:

Packages for 2009.0 are provided due to the Extended Maintenance
Program.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.3
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
c010232ec13300d13a09321fd53ab206 2009.0/i586/beagle-0.3.8-13.19mdv2009.0.i586.rpm
266c876250ff5406a82d0215596c4d13 2009.0/i586/beagle-crawl-system-0.3.8-13.19mdv2009.0.i586.rpm
c6d7e2452846fecfc6b3a071c5b22ce7 2009.0/i586/beagle-doc-0.3.8-13.19mdv2009.0.i586.rpm
152b2987738620c04d985efc70f93deb 2009.0/i586/beagle-epiphany-0.3.8-13.19mdv2009.0.i586.rpm
4d90e5e91d6fb74d1226d72aaa3d5c82 2009.0/i586/beagle-evolution-0.3.8-13.19mdv2009.0.i586.rpm
c0364126890604b6767052aae75c6e33 2009.0/i586/beagle-gui-0.3.8-13.19mdv2009.0.i586.rpm
570b286a25c85fa69457cbfb9b92c3a4 2009.0/i586/beagle-gui-qt-0.3.8-13.19mdv2009.0.i586.rpm
0cf57200876cd2d2396746139763e25f 2009.0/i586/beagle-libs-0.3.8-13.19mdv2009.0.i586.rpm
3171b8cbd0d1686c02a25dc6dfe73449 2009.0/i586/devhelp-0.21-3.13mdv2009.0.i586.rpm
2762fd987c8b7c858032db59e9650038 2009.0/i586/devhelp-plugins-0.21-3.13mdv2009.0.i586.rpm
1dc367c339853a8394fb0a8dd7defd3d 2009.0/i586/epiphany-2.24.3-0.1mdv2009.0.i586.rpm
a79b5b45d9a2115822b161b8b4fa8b0e 2009.0/i586/epiphany-devel-2.24.3-0.1mdv2009.0.i586.rpm
9ba9059fddf3e3dc91a7fd1edcc3c93e 2009.0/i586/firefox-3.6.3-0.2mdv2009.0.i586.rpm
a9784b1c11867fcb022bcb61f091a39e 2009.0/i586/firefox-af-3.6.3-0.1mdv2009.0.i586.rpm
6719a68cd54602337185026bfa075fb0 2009.0/i586/firefox-ar-3.6.3-0.1mdv2009.0.i586.rpm
e7c8e52c44198f50b5e4d9b7ba332eca 2009.0/i586/firefox-be-3.6.3-0.1mdv2009.0.i586.rpm
a0acbf770a2252fe68d225216fcde862 2009.0/i586/firefox-bg-3.6.3-0.1mdv2009.0.i586.rpm
03579a6cd3378c1f5a589e92c4590cfb 2009.0/i586/firefox-bn-3.6.3-0.1mdv2009.0.i586.rpm
3bb4310f4e7eaf367130e6b9ed21e481 2009.0/i586/firefox-ca-3.6.3-0.1mdv2009.0.i586.rpm
c1d8fbe3d2760a9ecccc72249255991e 2009.0/i586/firefox-cs-3.6.3-0.1mdv2009.0.i586.rpm
966cde689e1858e00a6088c25cb737aa 2009.0/i586/firefox-cy-3.6.3-0.1mdv2009.0.i586.rpm
a8bb0f98e29f08d08d09c73525d7f0fe 2009.0/i586/firefox-da-3.6.3-0.1mdv2009.0.i586.rpm
e8bd212e342aaf67410a317bdef90f96 2009.0/i586/firefox-de-3.6.3-0.1mdv2009.0.i586.rpm
9ba8957caff7d084c9b768393dd9ad8f 2009.0/i586/firefox-devel-3.6.3-0.2mdv2009.0.i586.rpm
8b203803d02699cfd97a27ddfe4a5cc2 2009.0/i586/firefox-el-3.6.3-0.1mdv2009.0.i586.rpm
3977a8351e3561623eb40a530e0c330e 2009.0/i586/firefox-en_GB-3.6.3-0.1mdv2009.0.i586.rpm
62ea90acb1dd64bd17b4ea468a20edcd 2009.0/i586/firefox-eo-3.6.3-0.1mdv2009.0.i586.rpm
c064df467bb014f83feca1de548fdadc 2009.0/i586/firefox-es_AR-3.6.3-0.1mdv2009.0.i586.rpm
ab5c67b3a161aa885b65eae4d1ffdc86 2009.0/i586/firefox-es_ES-3.6.3-0.1mdv2009.0.i586.rpm
c64c95501b1e995e14e0c405385eee54 2009.0/i586/firefox-et-3.6.3-0.1mdv2009.0.i586.rpm
47021232cbf2a6a11645de96d8319d03 2009.0/i586/firefox-eu-3.6.3-0.1mdv2009.0.i586.rpm
c404b6038d61ffd47f5468fff769c6b6 2009.0/i586/firefox-ext-beagle-0.3.8-13.19mdv2009.0.i586.rpm
a419c35964176a21dbd2d5e8b895cfa8 2009.0/i586/firefox-ext-blogrovr-1.1.804-0.1mdv2009.0.i586.rpm
176a42a89e23a62dddfea862719c76c8 2009.0/i586/firefox-ext-mozvoikko-1.0-0.1mdv2009.0.i586.rpm
080765d3d288e772bbb3ea15125c8f38 2009.0/i586/firefox-ext-scribefire-3.5.1-0.1mdv2009.0.i586.rpm
c7bbb49b1b42dd4947a721338971146a 2009.0/i586/firefox-ext-xmarks-3.5.10-0.1mdv2009.0.i586.rpm
445acb52bc111620104bf8cf5a55be94 2009.0/i586/firefox-fi-3.6.3-0.1mdv2009.0.i586.rpm
e84c0560240d616fc243893b49628884 2009.0/i586/firefox-fr-3.6.3-0.1mdv2009.0.i586.rpm
c2efcf63fcb58df1cb6b60a902117490 2009.0/i586/firefox-fy-3.6.3-0.1mdv2009.0.i586.rpm
ece53c927f1ef6c83b9eb42cc840aac6 2009.0/i586/firefox-ga_IE-3.6.3-0.1mdv2009.0.i586.rpm
ef915a175c190717992af7ff7f270683 2009.0/i586/firefox-gl-3.6.3-0.1mdv2009.0.i586.rpm
7436d05728b9dbaabd49cbfb821339b3 2009.0/i586/firefox-gu_IN-3.6.3-0.1mdv2009.0.i586.rpm
c0be81db6c415fa67b7e5375767e0a1c 2009.0/i586/firefox-he-3.6.3-0.1mdv2009.0.i586.rpm
4f6eb984905f583e3f4f7e350a5ad560 2009.0/i586/firefox-hi-3.6.3-0.1mdv2009.0.i586.rpm
cd57cd4f55a2e7303c1995d26addf862 2009.0/i586/firefox-hu-3.6.3-0.1mdv2009.0.i586.rpm
89f13bdc12a9c3212a873f0df61a253f 2009.0/i586/firefox-id-3.6.3-0.1mdv2009.0.i586.rpm
3e0053f19d1d17bea8a740f70ff9801e 2009.0/i586/firefox-is-3.6.3-0.1mdv2009.0.i586.rpm
74f43311f53fc13e4dda057995f8ad67 2009.0/i586/firefox-it-3.6.3-0.1mdv2009.0.i586.rpm
b3b17965b3e9a4559722a68a3e9af618 2009.0/i586/firefox-ja-3.6.3-0.1mdv2009.0.i586.rpm
6e45f809bdb6ea515669b8155bbcdf15 2009.0/i586/firefox-kn-3.6.3-0.1mdv2009.0.i586.rpm
e05d70fad3858edcbf917508f421443e 2009.0/i586/firefox-ko-3.6.3-0.1mdv2009.0.i586.rpm
6a4733f07a757012738a920d31fb9e6a 2009.0/i586/firefox-lt-3.6.3-0.1mdv2009.0.i586.rpm
9d5d79c9ea3dcb87396ba5d6654dc20b 2009.0/i586/firefox-lv-3.6.3-0.1mdv2009.0.i586.rpm
074a46d8f2cb3fc370fda83ab1d9f279 2009.0/i586/firefox-mk-3.6.3-0.1mdv2009.0.i586.rpm
40377c79638b0ecf7d7647209a22ca8c 2009.0/i586/firefox-mr-3.6.3-0.1mdv2009.0.i586.rpm
80ad0cdbeb4e8645cec5978e2c8ea52a 2009.0/i586/firefox-nb_NO-3.6.3-0.1mdv2009.0.i586.rpm
d08440a3c934bce4a41ebd17e1e08798 2009.0/i586/firefox-nl-3.6.3-0.1mdv2009.0.i586.rpm
bf64bafaf9838e2506dc3d267665006a 2009.0/i586/firefox-nn_NO-3.6.3-0.1mdv2009.0.i586.rpm
814433a4668a173843d9bbb3c4d207a0 2009.0/i586/firefox-pa_IN-3.6.3-0.1mdv2009.0.i586.rpm
ce53ddfa3b7ec301c074b533ac6a57d1 2009.0/i586/firefox-pl-3.6.3-0.1mdv2009.0.i586.rpm
87a3ffe46281fdae60d2f86016105895 2009.0/i586/firefox-pt_BR-3.6.3-0.1mdv2009.0.i586.rpm
368eea6749c8064a42c525341e170ffa 2009.0/i586/firefox-pt_PT-3.6.3-0.1mdv2009.0.i586.rpm
ee1e0c5fd5ab246c32e46c5f581486cf 2009.0/i586/firefox-ro-3.6.3-0.1mdv2009.0.i586.rpm
cfd8897583871005116db79831cc6270 2009.0/i586/firefox-ru-3.6.3-0.1mdv2009.0.i586.rpm
46d633f669aa0654a2cacbfabf0b4258 2009.0/i586/firefox-si-3.6.3-0.1mdv2009.0.i586.rpm
27f71e05393a0f87e488315b1639ace4 2009.0/i586/firefox-sk-3.6.3-0.1mdv2009.0.i586.rpm
d0d8adf3a4fe7abb2ca0ec508fccc1fb 2009.0/i586/firefox-sl-3.6.3-0.1mdv2009.0.i586.rpm
35a1dc6e50a902f548dc2a8e51156c88 2009.0/i586/firefox-sq-3.6.3-0.1mdv2009.0.i586.rpm
b82061ef747654762ea1a3e9fa2c604d 2009.0/i586/firefox-sv_SE-3.6.3-0.1mdv2009.0.i586.rpm
d338d6fd68fe6b949f5dc7d5be57d729 2009.0/i586/firefox-te-3.6.3-0.1mdv2009.0.i586.rpm
8e6f2a4f31ae192ccf9fabee3b3ab9e0 2009.0/i586/firefox-th-3.6.3-0.1mdv2009.0.i586.rpm
b443fb3b6d4b8c275412c5a5d2f60347 2009.0/i586/firefox-theme-kfirefox-0.16-0.1mdv2009.0.i586.rpm
324030a99e7b8d9df3d52f296c75b7a1 2009.0/i586/firefox-tr-3.6.3-0.1mdv2009.0.i586.rpm
5db53d4a190bcc3b959e00a1a5012c93 2009.0/i586/firefox-uk-3.6.3-0.1mdv2009.0.i586.rpm
f65b52812827e96ebb2a7c47cd349712 2009.0/i586/firefox-zh_CN-3.6.3-0.1mdv2009.0.i586.rpm
f7f66d69e2f941d581306082681bf98d 2009.0/i586/firefox-zh_TW-3.6.3-0.1mdv2009.0.i586.rpm
458df4a0f9d8ae560671983222f23d4d 2009.0/i586/gnome-python-extras-2.19.1-20.13mdv2009.0.i586.rpm
59eb47cafbc3cc338082685c10b14b78 2009.0/i586/gnome-python-gda-2.19.1-20.13mdv2009.0.i586.rpm
3579aa43a44ba292a33377af8dcc0392 2009.0/i586/gnome-python-gda-devel-2.19.1-20.13mdv2009.0.i586.rpm
090322c61ce38ee4b93a7c3cd8a881f6 2009.0/i586/gnome-python-gdl-2.19.1-20.13mdv2009.0.i586.rpm
57fab596462f37dc9375982ada297bf1 2009.0/i586/gnome-python-gtkhtml2-2.19.1-20.13mdv2009.0.i586.rpm
a0dfb244f3bb0192001f4cc6014c8d94 2009.0/i586/gnome-python-gtkmozembed-2.19.1-20.13mdv2009.0.i586.rpm
211f52f9c377a5bbb9508e5ec9d6bdb7 2009.0/i586/gnome-python-gtkspell-2.19.1-20.13mdv2009.0.i586.rpm
502c81f17f95f03850e31f58c0860637 2009.0/i586/lemon-3.6.23.1-0.1mdv2009.0.i586.rpm
b6badf6dc890e49d79af18f041644fbd 2009.0/i586/libdevhelp-1_0-0.21-3.13mdv2009.0.i586.rpm
dd8f5a416ec4020b90cf6a5f264b4ca0 2009.0/i586/libdevhelp-1-devel-0.21-3.13mdv2009.0.i586.rpm
81b38c87d799fd04838a4ec0f317e4c9 2009.0/i586/libsqlite3_0-3.6.23.1-0.1mdv2009.0.i586.rpm
4ee9df528f54ea410410ea7890886523 2009.0/i586/libsqlite3-devel-3.6.23.1-0.1mdv2009.0.i586.rpm
7c7470631b02f710b9813eefd9e8b959 2009.0/i586/libsqlite3-static-devel-3.6.23.1-0.1mdv2009.0.i586.rpm
c0a9909050a21de8be5eee71f5dc0e4d 2009.0/i586/libxulrunner1.9.2.3-1.9.2.3-0.2mdv2009.0.i586.rpm
5c7e2efba88646c6ee2f51523a767e96 2009.0/i586/libxulrunner-devel-1.9.2.3-0.2mdv2009.0.i586.rpm
207532513315297ab2cf0713e5418699 2009.0/i586/mozilla-thunderbird-beagle-0.3.8-13.19mdv2009.0.i586.rpm
24075185dd34f652d67ce35a949d2ec7 2009.0/i586/sqlite3-tools-3.6.23.1-0.1mdv2009.0.i586.rpm
aa658e51a250c9e6c07c235c63cc28f3 2009.0/i586/tcl-sqlite3-3.6.23.1-0.1mdv2009.0.i586.rpm
a9b44e66baccec725e9e88b466bf437d 2009.0/i586/xulrunner-1.9.2.3-0.2mdv2009.0.i586.rpm
80034d32b295a0aa28144bbf298a95c6 2009.0/i586/yelp-2.24.0-3.13mdv2009.0.i586.rpm
be1deab60f8a725f6b8bfbdb8a238599 2009.0/SRPMS/beagle-0.3.8-13.19mdv2009.0.src.rpm
958d586e0f51b3eb27c2f8f52e7829db 2009.0/SRPMS/devhelp-0.21-3.13mdv2009.0.src.rpm
4792b42cbf525647004d34d274d6682d 2009.0/SRPMS/epiphany-2.24.3-0.1mdv2009.0.src.rpm
7e6b40730ae28d3084d6177fb3403037 2009.0/SRPMS/firefox-3.6.3-0.2mdv2009.0.src.rpm
4c7598ff3fa6a31f94e709d181ca2f09 2009.0/SRPMS/firefox-ext-blogrovr-1.1.804-0.1mdv2009.0.src.rpm
025b7f312ccccfd2067f120a810a919a 2009.0/SRPMS/firefox-ext-mozvoikko-1.0-0.1mdv2009.0.src.rpm
8918fef155fcc90af164c9150baeaaa5 2009.0/SRPMS/firefox-ext-scribefire-3.5.1-0.1mdv2009.0.src.rpm
227410c21b1116934dd9ea09294625ca 2009.0/SRPMS/firefox-ext-xmarks-3.5.10-0.1mdv2009.0.src.rpm
07425c1f47917b38e1d0234885e1965f 2009.0/SRPMS/firefox-l10n-3.6.3-0.1mdv2009.0.src.rpm
3d37604eec701b6cf4af3d1838e909f3 2009.0/SRPMS/firefox-theme-kfirefox-0.16-0.1mdv2009.0.src.rpm
c7182e1d6cf288efab29adfda90e96f3 2009.0/SRPMS/gnome-python-extras-2.19.1-20.13mdv2009.0.src.rpm
e6ea77abf2cedcbbfeb7800a35c2caf3 2009.0/SRPMS/sqlite3-3.6.23.1-0.1mdv2009.0.src.rpm
86f62d2fb87e6ac0839ad62d76528e66 2009.0/SRPMS/xulrunner-1.9.2.3-0.2mdv2009.0.src.rpm
1b06f8c1ef094dc481bad8e0f43223e6 2009.0/SRPMS/yelp-2.24.0-3.13mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
4030cd99306a14ef5af556b69e810730 2009.0/x86_64/beagle-0.3.8-13.19mdv2009.0.x86_64.rpm
ff8b44286445fe6c26fbbd233898843f 2009.0/x86_64/beagle-crawl-system-0.3.8-13.19mdv2009.0.x86_64.rpm
803653b787f41199cb7e0e46be67dbea 2009.0/x86_64/beagle-doc-0.3.8-13.19mdv2009.0.x86_64.rpm
7195749c6fad30582e2138ec83cd6257 2009.0/x86_64/beagle-epiphany-0.3.8-13.19mdv2009.0.x86_64.rpm
1af4bd833fa9ca010e41131f838cbbfa 2009.0/x86_64/beagle-evolution-0.3.8-13.19mdv2009.0.x86_64.rpm
eeb48bc921e2e3091203a18e31e0113d 2009.0/x86_64/beagle-gui-0.3.8-13.19mdv2009.0.x86_64.rpm
c87ca77b25493fbf5e032b082ae52034 2009.0/x86_64/beagle-gui-qt-0.3.8-13.19mdv2009.0.x86_64.rpm
861e1e257a359f1c59e5e26368f5139c 2009.0/x86_64/beagle-libs-0.3.8-13.19mdv2009.0.x86_64.rpm
69d73c982942378a21ee3e98889a0ed5 2009.0/x86_64/devhelp-0.21-3.13mdv2009.0.x86_64.rpm
a7d732cc0da6c950ef585a85046ed743 2009.0/x86_64/devhelp-plugins-0.21-3.13mdv2009.0.x86_64.rpm
2d191ac392466c3477c7875e34a9f2da 2009.0/x86_64/epiphany-2.24.3-0.1mdv2009.0.x86_64.rpm
a6c7a8ca3bcf34e9f3833e6a8b91e3b1 2009.0/x86_64/epiphany-devel-2.24.3-0.1mdv2009.0.x86_64.rpm
d0e7e3245fa77b5ef8960a79ce21bb06 2009.0/x86_64/firefox-3.6.3-0.2mdv2009.0.x86_64.rpm
63e520ba7588c1a239f52650a409abe3 2009.0/x86_64/firefox-af-3.6.3-0.1mdv2009.0.x86_64.rpm
0a0514ae5279278dd543d8e9d5a74ea6 2009.0/x86_64/firefox-ar-3.6.3-0.1mdv2009.0.x86_64.rpm
b046e1f2e21cfcc0dafcf2d1f2147e8d 2009.0/x86_64/firefox-be-3.6.3-0.1mdv2009.0.x86_64.rpm
5b3934364b8700447e9d9535e250bd8f 2009.0/x86_64/firefox-bg-3.6.3-0.1mdv2009.0.x86_64.rpm
6ddd1531777cf7ce67ea9716ba8cfddb 2009.0/x86_64/firefox-bn-3.6.3-0.1mdv2009.0.x86_64.rpm
40fd81dd4a0149b65ae2966d22ea79cb 2009.0/x86_64/firefox-ca-3.6.3-0.1mdv2009.0.x86_64.rpm
6dc1fa26932922f2e2fe3b7eafa96278 2009.0/x86_64/firefox-cs-3.6.3-0.1mdv2009.0.x86_64.rpm
1c8d2e4d63dc840f5ff7336cf9a95f94 2009.0/x86_64/firefox-cy-3.6.3-0.1mdv2009.0.x86_64.rpm
855f2c7dba3d39b2d18341e0e2b60142 2009.0/x86_64/firefox-da-3.6.3-0.1mdv2009.0.x86_64.rpm
03a5d24dc0ac395cdb5863ad0d8a08a1 2009.0/x86_64/firefox-de-3.6.3-0.1mdv2009.0.x86_64.rpm
e15eca0c2cf300641408dcae79dad35d 2009.0/x86_64/firefox-devel-3.6.3-0.2mdv2009.0.x86_64.rpm
b873681e2b2bcf740ad1922d73c4fc3b 2009.0/x86_64/firefox-el-3.6.3-0.1mdv2009.0.x86_64.rpm
255836fc16b38a3e9cff98fdec593d72 2009.0/x86_64/firefox-en_GB-3.6.3-0.1mdv2009.0.x86_64.rpm
9d7f41999589a4ad2b9f3f302c2dadb1 2009.0/x86_64/firefox-eo-3.6.3-0.1mdv2009.0.x86_64.rpm
34eb9899867ff82b381c0365e810734e 2009.0/x86_64/firefox-es_AR-3.6.3-0.1mdv2009.0.x86_64.rpm
c04c9699007e522ecec8307222c30a02 2009.0/x86_64/firefox-es_ES-3.6.3-0.1mdv2009.0.x86_64.rpm
062b0004b51f26ccce27a27653bb2bee 2009.0/x86_64/firefox-et-3.6.3-0.1mdv2009.0.x86_64.rpm
fd7f4352375a80467def99dfba699e99 2009.0/x86_64/firefox-eu-3.6.3-0.1mdv2009.0.x86_64.rpm
705f3472e2d3169ec363196510479912 2009.0/x86_64/firefox-ext-beagle-0.3.8-13.19mdv2009.0.x86_64.rpm
1173a4b4fd3f38dd889af0d9ed59f6d1 2009.0/x86_64/firefox-ext-blogrovr-1.1.804-0.1mdv2009.0.x86_64.rpm
41d89e33528a880294418ca6261ac2e7 2009.0/x86_64/firefox-ext-mozvoikko-1.0-0.1mdv2009.0.x86_64.rpm
e6b4bbf44220b013c55cda04d1032b23 2009.0/x86_64/firefox-ext-scribefire-3.5.1-0.1mdv2009.0.x86_64.rpm
38eff8b6559ebf17b31f4a55954efbf9 2009.0/x86_64/firefox-ext-xmarks-3.5.10-0.1mdv2009.0.x86_64.rpm
b85b8ac568e02dec7e8b05b0de0ec9e9 2009.0/x86_64/firefox-fi-3.6.3-0.1mdv2009.0.x86_64.rpm
5198ebe263a2800e0855b5ab1b5daeb9 2009.0/x86_64/firefox-fr-3.6.3-0.1mdv2009.0.x86_64.rpm
05a37422c185c8b78a927b7046c2cad4 2009.0/x86_64/firefox-fy-3.6.3-0.1mdv2009.0.x86_64.rpm
fb204ed00d4395e66642c2591e25d886 2009.0/x86_64/firefox-ga_IE-3.6.3-0.1mdv2009.0.x86_64.rpm
7cde20e5c00181fce1c7ed0804c943fc 2009.0/x86_64/firefox-gl-3.6.3-0.1mdv2009.0.x86_64.rpm
16d879121afa8fbb5e62fb79380a5c18 2009.0/x86_64/firefox-gu_IN-3.6.3-0.1mdv2009.0.x86_64.rpm
931dadf42aeeeab516958a1ed007c6ef 2009.0/x86_64/firefox-he-3.6.3-0.1mdv2009.0.x86_64.rpm
e9b6aa923e51c47616a8017637d5de35 2009.0/x86_64/firefox-hi-3.6.3-0.1mdv2009.0.x86_64.rpm
6308d8595b6ecaeb1e21158ef6c68e88 2009.0/x86_64/firefox-hu-3.6.3-0.1mdv2009.0.x86_64.rpm
1f3c56761fc6d167118da0e418b1963c 2009.0/x86_64/firefox-id-3.6.3-0.1mdv2009.0.x86_64.rpm
b3f7f06b2dc1edca418d0d261f8baf82 2009.0/x86_64/firefox-is-3.6.3-0.1mdv2009.0.x86_64.rpm
003945e3312360dc940af96f42d92fc7 2009.0/x86_64/firefox-it-3.6.3-0.1mdv2009.0.x86_64.rpm
92c7a0e85cd1b95dd1d7d5955feac97f 2009.0/x86_64/firefox-ja-3.6.3-0.1mdv2009.0.x86_64.rpm
197c6e8f4f1bdc3837695bdc041698be 2009.0/x86_64/firefox-kn-3.6.3-0.1mdv2009.0.x86_64.rpm
119ed791ce67b84b07748ca2f0732b9c 2009.0/x86_64/firefox-ko-3.6.3-0.1mdv2009.0.x86_64.rpm
b3ff00bb4864619033660a743012c463 2009.0/x86_64/firefox-lt-3.6.3-0.1mdv2009.0.x86_64.rpm
29930fc9606f24675855adbc8b4b2b6a 2009.0/x86_64/firefox-lv-3.6.3-0.1mdv2009.0.x86_64.rpm
082522a456ea74880c61bef4c2dcc4db 2009.0/x86_64/firefox-mk-3.6.3-0.1mdv2009.0.x86_64.rpm
185f51ee26d47112b7d3a722623b1ad7 2009.0/x86_64/firefox-mr-3.6.3-0.1mdv2009.0.x86_64.rpm
b9740341cfd4122dd60e6d5c9b127e61 2009.0/x86_64/firefox-nb_NO-3.6.3-0.1mdv2009.0.x86_64.rpm
9624abaf7c0b8c2725c88628cbcb1c96 2009.0/x86_64/firefox-nl-3.6.3-0.1mdv2009.0.x86_64.rpm
f1439430df34b78d5a0acb9b27577dda 2009.0/x86_64/firefox-nn_NO-3.6.3-0.1mdv2009.0.x86_64.rpm
232d7f3748d59ff80a584096ec1f4187 2009.0/x86_64/firefox-pa_IN-3.6.3-0.1mdv2009.0.x86_64.rpm
db9619c8da4b591aed632bbc253024a5 2009.0/x86_64/firefox-pl-3.6.3-0.1mdv2009.0.x86_64.rpm
7a49d10b6dffc66c0339a2b289bffcf1 2009.0/x86_64/firefox-pt_BR-3.6.3-0.1mdv2009.0.x86_64.rpm
b3095daf59caab458dcb66d44cf2715d 2009.0/x86_64/firefox-pt_PT-3.6.3-0.1mdv2009.0.x86_64.rpm
ec2eb386bba46dfc82afc3b9a23c59dc 2009.0/x86_64/firefox-ro-3.6.3-0.1mdv2009.0.x86_64.rpm
264e54e90afde4d91291f8e9513a35d0 2009.0/x86_64/firefox-ru-3.6.3-0.1mdv2009.0.x86_64.rpm
d28cbbb51cd8af115d6aa19fdcbc667e 2009.0/x86_64/firefox-si-3.6.3-0.1mdv2009.0.x86_64.rpm
e4a453357b85ffbc06a68272258d713b 2009.0/x86_64/firefox-sk-3.6.3-0.1mdv2009.0.x86_64.rpm
0a5ee1c5390c9ad8219264124c740932 2009.0/x86_64/firefox-sl-3.6.3-0.1mdv2009.0.x86_64.rpm
98dedcba8df7ba5fffe380fe9e42a91c 2009.0/x86_64/firefox-sq-3.6.3-0.1mdv2009.0.x86_64.rpm
77c4d8206b02b1e3c3a9105db657dba1 2009.0/x86_64/firefox-sv_SE-3.6.3-0.1mdv2009.0.x86_64.rpm
6d495b355a354f1cc41aa7c09853ff02 2009.0/x86_64/firefox-te-3.6.3-0.1mdv2009.0.x86_64.rpm
619b1af0add310a0bc8f26af85ac5e4f 2009.0/x86_64/firefox-th-3.6.3-0.1mdv2009.0.x86_64.rpm
641a6560edb4d3535bdcf5f2a3274ded 2009.0/x86_64/firefox-theme-kfirefox-0.16-0.1mdv2009.0.x86_64.rpm
93dd62dde6f7acf1d8a005b4f0a125d4 2009.0/x86_64/firefox-tr-3.6.3-0.1mdv2009.0.x86_64.rpm
063148775c8f70727edd8acc17ebba66 2009.0/x86_64/firefox-uk-3.6.3-0.1mdv2009.0.x86_64.rpm
53209116b8df0c78b102d33d2bfe2e53 2009.0/x86_64/firefox-zh_CN-3.6.3-0.1mdv2009.0.x86_64.rpm
e84fc88f0ff0f41466714d2b190dbcd7 2009.0/x86_64/firefox-zh_TW-3.6.3-0.1mdv2009.0.x86_64.rpm
e94543ceb17503f17b461a176103a7e2 2009.0/x86_64/gnome-python-extras-2.19.1-20.13mdv2009.0.x86_64.rpm
b63735f07ddc070cf2de9292321cf09e 2009.0/x86_64/gnome-python-gda-2.19.1-20.13mdv2009.0.x86_64.rpm
e71637f9f5d358d618c7332cf05255d6 2009.0/x86_64/gnome-python-gda-devel-2.19.1-20.13mdv2009.0.x86_64.rpm
bfed42f6df08ef6ccdad497afecddf2d 2009.0/x86_64/gnome-python-gdl-2.19.1-20.13mdv2009.0.x86_64.rpm
9dc71957bcf1a93143eee7e3dc39e2d3 2009.0/x86_64/gnome-python-gtkhtml2-2.19.1-20.13mdv2009.0.x86_64.rpm
fa197ed3a2e7f518d407dc766b792090 2009.0/x86_64/gnome-python-gtkmozembed-2.19.1-20.13mdv2009.0.x86_64.rpm
5a4ee3b2f453dff90584d13c9017ca19 2009.0/x86_64/gnome-python-gtkspell-2.19.1-20.13mdv2009.0.x86_64.rpm
8f36eb149978ab777d024e3957326c2e 2009.0/x86_64/lemon-3.6.23.1-0.1mdv2009.0.x86_64.rpm
73956a58b0e05d086d715d04763163cd 2009.0/x86_64/lib64devhelp-1_0-0.21-3.13mdv2009.0.x86_64.rpm
132e693099e379bd9640dd509a1a03a9 2009.0/x86_64/lib64devhelp-1-devel-0.21-3.13mdv2009.0.x86_64.rpm
4ae6a7a7cf956414b89b13c83281044e 2009.0/x86_64/lib64sqlite3_0-3.6.23.1-0.1mdv2009.0.x86_64.rpm
ee27f0c9e50f1014863bb55d13de33f6 2009.0/x86_64/lib64sqlite3-devel-3.6.23.1-0.1mdv2009.0.x86_64.rpm
40de413fac8f9cc4852025ddd3c7c1d4 2009.0/x86_64/lib64sqlite3-static-devel-3.6.23.1-0.1mdv2009.0.x86_64.rpm
b461aaa3bedd440fe64016cc7884c008 2009.0/x86_64/lib64xulrunner1.9.2.3-1.9.2.3-0.2mdv2009.0.x86_64.rpm
d0a615dffd6f8994c65afb35e903b7cb 2009.0/x86_64/lib64xulrunner-devel-1.9.2.3-0.2mdv2009.0.x86_64.rpm
725550e9353b2363ac9c2762af7b312d 2009.0/x86_64/mozilla-thunderbird-beagle-0.3.8-13.19mdv2009.0.x86_64.rpm
bd2b864a41009c5be5f2089b24a23ec2 2009.0/x86_64/sqlite3-tools-3.6.23.1-0.1mdv2009.0.x86_64.rpm
fcbdb22765c0c97bbc2c564ee830136f 2009.0/x86_64/tcl-sqlite3-3.6.23.1-0.1mdv2009.0.x86_64.rpm
908aaacd5ab6f41316d7ddf994a8d816 2009.0/x86_64/xulrunner-1.9.2.3-0.2mdv2009.0.x86_64.rpm
80ca2d23beb4614c6bb2a93d3ce030f7 2009.0/x86_64/yelp-2.24.0-3.13mdv2009.0.x86_64.rpm
be1deab60f8a725f6b8bfbdb8a238599 2009.0/SRPMS/beagle-0.3.8-13.19mdv2009.0.src.rpm
958d586e0f51b3eb27c2f8f52e7829db 2009.0/SRPMS/devhelp-0.21-3.13mdv2009.0.src.rpm
4792b42cbf525647004d34d274d6682d 2009.0/SRPMS/epiphany-2.24.3-0.1mdv2009.0.src.rpm
7e6b40730ae28d3084d6177fb3403037 2009.0/SRPMS/firefox-3.6.3-0.2mdv2009.0.src.rpm
4c7598ff3fa6a31f94e709d181ca2f09 2009.0/SRPMS/firefox-ext-blogrovr-1.1.804-0.1mdv2009.0.src.rpm
025b7f312ccccfd2067f120a810a919a 2009.0/SRPMS/firefox-ext-mozvoikko-1.0-0.1mdv2009.0.src.rpm
8918fef155fcc90af164c9150baeaaa5 2009.0/SRPMS/firefox-ext-scribefire-3.5.1-0.1mdv2009.0.src.rpm
227410c21b1116934dd9ea09294625ca 2009.0/SRPMS/firefox-ext-xmarks-3.5.10-0.1mdv2009.0.src.rpm
07425c1f47917b38e1d0234885e1965f 2009.0/SRPMS/firefox-l10n-3.6.3-0.1mdv2009.0.src.rpm
3d37604eec701b6cf4af3d1838e909f3 2009.0/SRPMS/firefox-theme-kfirefox-0.16-0.1mdv2009.0.src.rpm
c7182e1d6cf288efab29adfda90e96f3 2009.0/SRPMS/gnome-python-extras-2.19.1-20.13mdv2009.0.src.rpm
e6ea77abf2cedcbbfeb7800a35c2caf3 2009.0/SRPMS/sqlite3-3.6.23.1-0.1mdv2009.0.src.rpm
86f62d2fb87e6ac0839ad62d76528e66 2009.0/SRPMS/xulrunner-1.9.2.3-0.2mdv2009.0.src.rpm
1b06f8c1ef094dc481bad8e0f43223e6 2009.0/SRPMS/yelp-2.24.0-3.13mdv2009.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLzcvxmqjQ0CJFipgRAtNGAKDEqh4LRf1/oRYyO5JD1KnyY8XLIgCeMdT4
Jz48CUUPft0pgWj9ornc5zI=
=8WEi
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/